no-OS
Loading...
Searching...
No Matches
noos_mbedtls_config.h
Go to the documentation of this file.
1/***************************************************************************/
34
35#ifndef NOOS_MBEDTLS_CONFIG_H
36#define NOOS_MBEDTLS_CONFIG_H
37
38/*
39 * For an easy configuration of mbedtls library only this macros from user
40 * configuration should be modified. For more in deepth configuration see
41 * https://tls.mbed.org/ and noos/libraries/mbedtls/includes/config.h
42 */
43
44#define MBEDTLS_DEBUG_C
45#define MBEDTLS_ERROR_C
46
47/* Latest supported version by mbedtls */
48#define ENABLE_TLS1_2
49
50/*
51 * Enabled chipersuites.
52 * Ordered from most preferred to least preferred in terms of security.
53 *
54 * These are the chipersuites supported by http://test.mosquitto.org
55 * or the local mqtt server: https://mosquitto.org/download
56 * For the moment there will be examples only for this servers but these
57 * chipersuites should work for other servers too.
58 */
59
60//#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384
61//#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA
62#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256
63//#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256
64//#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA
65
66/* Eliptic curves to be used by the chiper */
67#define ENABLE_ECP_DP_SECP256R1_ENABLED
68//#define ENABLE_ECP_DP_SECP384R1_ENABLED
69
70/*
71 * Parse certificates in PEM format.
72 * If not defined, only DER format can be used.
73 * On ADuCM3029 DER is recommended due to memmory limitations
74 */
75#define ENABLE_PEM_CERT
76
77/*
78 * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
79 * If not defined, default of 16kb will be used.
80 * 2000 is a eoungh to do the tls handshake and is no to much
81 * platforms with memory constrains like ADuCM3029
82 */
83//#define MAX_CONTENT_LEN 2500
84
85/*
86 * ENABLE_MEMORY_OPTIMIZATIONS should be defined in the case memory
87 * is not enough. This could happen is using both a secure connection with
88 * server an client verification.
89 */
90#define ENABLE_MEMORY_OPTIMIZATIONS
91
92/* Minimal requirements */
93/* Hardware entropy is used (trng.h) */
94#define MBEDTLS_NO_PLATFORM_ENTROPY
95/* RNG is supplied externally via the hardware TRNG (mbedtls_ssl_conf_rng), so
96 * ECP does not need an internal DRBG. Required by mbedTLS >= 2.28 check_config. */
97#define MBEDTLS_ECP_NO_INTERNAL_RNG
98/* Needed in order to use TLS features */
99#define MBEDTLS_SSL_TLS_C
100/* TLS Client features */
101#define MBEDTLS_SSL_CLI_C
102
103/*
104 * Define available chippersuites. Available only if the requierements are meet.
105 * The requierements are generated depending on user configuration
106 */
107#define MBEDTLS_SSL_CIPHERSUITES \
108 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\
109 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,\
110 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
111 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
112 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
113
114#ifdef MAX_CONTENT_LEN
115#define MBEDTLS_SSL_MAX_CONTENT_LEN MAX_CONTENT_LEN
116#endif
117
118#ifdef ENABLE_TLS1_2
119
120#define MBEDTLS_SSL_PROTO_TLS1_2
121
122/* Key exchange enabled types */
123#if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
124 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
125 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
126 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) || \
127 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) )
128
129/* Enable KEY_EXCHANGE_ECDHE_RSA_ENABLED if used one of these chipersuites is defined */
130#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
131
132#endif /* Chipers that use ENABLE_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
133#endif /* ENABLE_TLS1_2 */
134
135#ifdef ENABLE_MEMORY_OPTIMIZATIONS
136
137#define MBEDTLS_AES_ROM_TABLES
138#define MBEDTLS_ECP_WINDOW_SIZE 2
139
140#endif /* ENABLE_MEMORY_OPTIMIZATIONS */
141
142#ifdef ENABLE_PEM_CERT
143
144#define MBEDTLS_BASE64_C
145#define MBEDTLS_PEM_PARSE_C
146
147#endif /* ENABLE_PEM_CERT */
148
149/* Dependencies for MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
150#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
151
152#define MBEDTLS_RSA_C
153#define MBEDTLS_BIGNUM_C
154#define MBEDTLS_OID_C
155#define MBEDTLS_ECDH_C
156#define MBEDTLS_ECP_C
157#define MBEDTLS_PK_C
158#define MBEDTLS_PK_PARSE_C
159#define MBEDTLS_PKCS1_V15
160#define MBEDTLS_ASN1_PARSE_C
161#define MBEDTLS_X509_USE_C
162#define MBEDTLS_X509_CRT_PARSE_C
163
164#ifdef ENABLE_ECP_DP_SECP256R1_ENABLED
165#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
166#endif
167#ifdef ENABLE_ECP_DP_SECP384R1_ENABLED
168#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
169#endif
170
171#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
172
173#ifdef MBEDTLS_SSL_TLS_C
174#define MBEDTLS_MD_C
175#define MBEDTLS_CIPHER_C
176#endif /* MBEDTLS_SSL_TLS_C */
177
178#if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384) ||\
179 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) ||\
180 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) ||\
181 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) ||\
182 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) )
183
184# define MBEDTLS_AES_C
185
186# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
187 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) || \
188 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) )
189# define MBEDTLS_CIPHER_MODE_CBC
190# if defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
191# define MBEDTLS_SHA256_C
192# endif
193# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
194 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA))
195# define MBEDTLS_SHA1_C
196# endif
197# endif
198
199# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
200 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
201# define MBEDTLS_GCM_C
202# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256))
203# define MBEDTLS_SHA256_C
204# endif
205# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
206# define MBEDTLS_SHA512_C
207# endif
208# endif
209
210#endif
211
212#ifdef MBEDTLS_SSL_PROTO_TLS1_2
213#if (!defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA256_C) &&\
214 !defined(MBEDTLS_SHA1_C))
215#define MBEDTLS_SHA256_C
216#endif
217#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
218
219/* Check if the configuration is ok */
220#include "mbedtls/check_config.h"
221
222#endif /* NOOS_MBEDTLS_CONFIG_H */